By now, everyone is aware of the Equifax data breach affecting up to 143m people in the USA, UK and Canada.

Sophos CISO Norm Laudermilch has put together four simple steps that you can take to make sure your family gets through this with identities and finances intact.

1. Check your credit report

Check your credit report immediately to make sure that you haven’t already been compromised.

In the USA everyone is entitled to one free credit report each year, from each of the major reporting agencies. Free report links can be found on each of their websites. You can go to the Annual Credit Report website to get reports from all three in one swoop instead of having to call them separately.

Unfortunately, the high volume of site visitors may cause delays. In that scenario, you can call 1-877-322-8228. Deaf and hard of hearing consumers can access the TTY service by calling 711 and referring the Relay Operator to 1-800-821-7232.

3. Consider ID theft protection

Consider using an identity theft protection service if you have been affected. Identity theft protection services LifeLock and IdentityGuard are both offering discounts and free months if you’ve been affected by a breach. Equifax is also offering its own TrustedID Premier service free for a year. Rumours that consumers waive their right to take part in future legal action if they sign up for the services are not true:

To confirm, enrolling in the free credit file monitoring and identity theft protection products that we are offering as part of this cybersecurity incident does not prohibit consumers from taking legal action … we will not apply any arbitration clause or class action waiver against consumers for claims related to the free products offered in response to the cybersecurity incident or for claims related to the cybersecurity incident itself.

4. Freeze your credit file

Freeze your credit with all four reporting agencies. A credit freeze stops the agencies from releasing your information to new creditors without authorization. While this doesn’t solve the problem of our leaked personal data, it does limit the potential impact of an identity theft incident. Fees for this service vary from state to state.

There are drawbacks: you will have to “thaw” the freeze for valid purchases like buying a new car or home. It is not a slick process – but the advantages outweigh the annoyances.

The cost to freeze your credit varies by what state you’re in.

Here’s how you can freeze your credit file:

Equifax: Enter all of your personal information, enter the code verification shown on the screen, accept the terms of use, and hit “Submit” at the bottom of the screen. Pay the fee using a credit card on the next screen. Make sure to write down the “thaw” PIN that is generated because you’ll need that to undo this process later.

Experian: Enter all of your personal information, accept the terms of use, and hit “Submit” at the bottom of the screen, pay the fee on the next screen, and remember to write down your PIN.

TransUnion: Click on “Register” to the right and create an account, then follow the directions on the screen, pay your fee, write down your PIN.

Innovis: Click the button for “Request a Security Freeze”, fill out the personal information and click “Submit Request” at the bottom of the page.

18 comments on “Equifax: four simple steps to secure yourself”

Step 3 and 4 both cost the consumer monthly or yearly fees. Equifax should be footing the bill. Secondly, step 4 calls for the consumer to freeze their credit file with Equifax by providing a credit card number and paying $10. This is the same way Equifax had consumer credit card numbers in the first place and look how that turned out, so we should give them more numbers? Also, why aren’t they offering to freeze credit files for no charge?!?

I was with you up to that last paragraph. The author of this article is a “suit”, as are many others who are utterly undeserving of your scattergun criticism. Bigotry and stereotyping aren’t always about race or religion. Intelligent people should be able to make judgments of others based on individual merit (or lack thereof). Try it yourself… or don’t complain when others make the same sort of rash assessments about you.

It’s disgraceful that consumers are expected to spend $40 to freeze their credit when we did nothing wrong and most of us would prefer that Equifax never had our personal information to begin with. Major fail by the American government and financial industry.

There are actually two problems with the inadequate Equifax response. I just finished a with the “Trusted Premier” call center and both the agent and her supervisor “John” declined to help with either one, or even give me an email address or phone number to which I could communicate my concerns. They had no interest in fixing the problem and weren’t very friendly about it. They wouldn’t even agree to find out who I could contact and call me back. The supervisor said “I’m too busy.”

1) The Equifax freeze does not automatically freeze TransUnion, Experian, and Innovis. Equifax should have arranged this (paying for it if necessary) to protect consumers who don’t realize they need to do that.
2) The Equifax freeze and TrustedID Premier offering expire for a year. My name, address, date-of-birth, and SSAN will be the same after a year. There is nothing to stop the hackers from sitting on the data for a year-and-a-day and then committing ID theft.

Equifax is talking big, but their action is taking the cheapskate way out.

See the link below, if you are from Connecticut and younger than 18 or older than 62. You won’t have to pay anything for the Freeze from any of the four credit reporting companies. Yes four; don’t forget Innovis. It’s used by some banks and credit unions. https://www.cga.ct.gov/2015/rpt/pdf/2015-R-0176.pdf

Because of a case of ID theft we had in 2011, we froze all our credit reports back then and have not regretted it one bit. Even getting a new travel credit card was painless. But the companies are in the business of providing important information to lenders and would dig their own grave if they all now would freeze everybody’s reports. You have to be smarter than them and that’s not easy.

Recently, I heard that all credit reporting agencies sell your information. Is this true? If it is true, what’s the point of freezing your credit? A couple of years ago, someone attempted to open a credit card in my name, had all my information, etc. I froze my accounts with the credit bureaus. About 6 months later, I went to my bank to obtain a credit card, then realized I had freezes on my credit. The financial person helping me said don’t worry, he clicked a few keys on his computer and had my credit score.

Although it makes for better PR and promotes fear propaganda to blame foreign governments, it is very possible that the data breach at Equifax is an internal action, aka – a server dump, whether accidental or intentional (such as if the company is facing bankruptcy), and not stolen information. Equifax’s indemnity insurance likely covers external attacks, as well as offers more legal protections. So, it would make (dishonest) sense for them to make that claim.
If the intrusion was from an external source (citizen anon), it is likely deleted information – rather than stolen information. Those are two very different things. This can be seen as a result of implementing egregiously long prison sentences for those executing DDoS attacks; anons revert to more permanent and less detectable hacks.
In addition, the US government has a vested interest in the recovery of our personal data. Staffing agencies, and other third parties, are beginning to request SF 86-style background checks from employees, clients, and patients for no practical or legitimate reasons.

If you had a credit freeze in place before the Equifax Breach, you must unfreeze or thaw your account in order to complete the final step(s) of registration for the free one year of TrustedID Premier credit monitoring service according to Customer Service. I doubt the credit monitoring service is worth the additional effort and I feel as if I am likely exposing myself unnecessarily.